CVE-2026-34883
Dell Color Management Software, version(s) 3.6.0 and prior, contain(s) an improper handling of symbolic links during installation. A low privileged attacker with local access could potentially exploit this vulnerability to overwrite arbitrary files, leading to elevation of privileges.
Corrective Action:
If the previous version is on the system, do not uninstall it before installing Dell Color Management version 3.7.0.0 or higher. The installer will overwrite all the files to remove the exploit.
CVE-2025-53398
Dell Color Management Software, version(s) 3.3.008 and prior, contain(s) creation of weak permission install folder when using a custom installation path. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
CVE-2025-53919
Dell Color Management Software, version(s) 3.3.008 and prior, contain(s) creation of weak temporary folder during the uninstallation. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
Portrait Displays would like to thank Falcon Corruption @falconCorrup for reporting this issue.
Corrective Action:
If the previous version is on the system, do not uninstall it before installing Dell Color Management version 3.5.3.0 or higher. The installer will overwrite all the files to remove the exploit. The latest release version of Dell Color Management can be downloaded here.